// UK Government-backed certification
Understand the five controls, track your progress with our free checklist, and approach an accredited assessor when you're ready.
PhishShield is not a Cyber Essentials certification body. We provide a readiness checklist to help you prepare. Official certificates are issued exclusively by IASME and its licensed assessors on behalf of the NCSC.
~80% of attacks preventable with CE controls
Mandatory for central government contracts
£25k free cyber insurance for eligible UK orgs
// The framework
Ensure only authorised traffic can reach your network — including devices used away from the office.
Remove default passwords, disable unnecessary accounts and services, and enable full-disk encryption on laptops.
Apply least-privilege principles. Only administrators should have admin accounts. MFA is required for cloud services.
Anti-malware on all devices, email filtering, and application allow-listing where appropriate.
Critical security patches applied within 14 days. No end-of-life software in use.
// Where we fit in
A detailed breakdown of every CE sub-requirement (v3.3) so you can self-assess before paying for a formal assessment.
Measurable evidence that staff can identify phishing — directly relevant to the User Access Control and Malware Protection controls.
Click-through rates, department breakdowns, and trend data provide documentation your assessor will find useful.
// Next step
The main NCSC-approved certification body for CE. Use their directory to find a local licensed assessor.
The official NCSC guidance, including the current requirements document (v3.3) and FAQs.
PhishShield is not affiliated with IASME or the NCSC. These links are provided for your convenience.
// FAQ
What is Cyber Essentials?
Cyber Essentials is a UK government-backed certification scheme, developed by the National Cyber Security Centre (NCSC), that helps organisations protect against the most common cyber threats. It covers five technical controls.
Who issues Cyber Essentials certificates?
Certificates are only issued by NCSC-approved certification bodies — currently IASME and its licensed assessors. PhishShield is not a certification body and does not issue certificates. We provide a readiness checklist to help you prepare before approaching an assessor.
Do I need Cyber Essentials for government contracts?
Yes. Since October 2014, all suppliers bidding for central government contracts involving the handling of personal information or sensitive data must hold a valid Cyber Essentials certificate.
What's the difference between Cyber Essentials and CE Plus?
Cyber Essentials is a self-assessed questionnaire reviewed by an assessor. Cyber Essentials Plus adds hands-on technical verification by an accredited assessor, including scanning and testing of your systems.
Does CE certification include cyber insurance?
Cyber Essentials certification makes UK organisations with turnover under £20M eligible for free cyber liability insurance of up to £25,000 through IASME. This is provided by the certification body, not by PhishShield.
How does PhishShield support Cyber Essentials?
Phishing simulations provide measurable evidence that your staff can identify and report phishing attempts — directly supporting the User Access Control and Malware Protection controls. This evidence can complement your certification application, but PhishShield does not provide certification itself.
// Get started
Use our free readiness checklist inside the PhishShield dashboard to understand exactly where your organisation stands before you contact an assessor.
Free with all plans · Certification issued by IASME assessors only